"common" administrative security group is removed by user
Bug #1804227 reported by
Jesper Schmitz Mouridsen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
If an administrator is adding a security group to a server and the security group is not in the servers project,horizon deletes it again when the user edits the instances security group.
Steps:
admin create security group common
server add security group common server-
horizon login as user of another-project edit security groups on server-
Result the not visible "common" sec group is removed from server-
tags: | added: neutron |
To post a comment you must log in.
I am marking this as Incomplete from the observation below.
neutron API does not allow to add/remove a specific security group. When a regular user would like to update security groups of a neutron port, they needs to specify a whole set of security groups.
Such regular user cannot know security group(s) assigned by admin (you mentioned in the bug report), so this is not specific to horizon.
If you really would like to have this feature in OpenStack, I would suggest you to discuss this with Nova/Neutron team.
As my neutron core hat this usage is not intended. It just works for nova security group API which has been deprecated a long ago. neutron-fwaas has a concept of shared firewall groups and I believe this is designed to support a feature you want.